Introduction

The security of many RFID protocols depends on owning the production process, controlling card or reader distribution, "magic" unique read-only IDs that are meant to stop you from copying card content, and hardwired protocols in cards and readers that are meant to stop you from tampering with the communication (man-in-the-middle, remote forwarding, etc.) at the chip or firmware level.

Because of these security features, a key requirement for evaluating and breaking RFID cards is full control over protocols and cards at the radio-frequency level. In last year's course we showed how to build and use RFID sniffers to reverse engineer unknown card protocols. This year we will teach you to emulate 13.56 MHz HF RFID cards and readers (ISO14443, ISO15693, NFC and proprietary) in software at the radio-frequency level.

This three-day hands-on course will teach you to emulate proprietary 13.56 MHz reader and card protocols (ISO14443A, ISO15693, NFC and proprietary card chips) in software and will show real-world attacks on prominent RFID card systems at the protocol level. It will show how to practically exploit weaknesses in the random number generation of RFID cards and how to perform card emulation for cloning cards.

Compiling the latest OpenPCD 2 source code and flashing the firmware

Press the RESET and FLASH buttons together and release RESET first to switch OpenPCD 2 into programming mode. A mass storage device containing the firmware image then pops up.

OpenPCD 2 is also capable of running in a stand-alone mode where the RFID protocol is handled by the onboard ARM CPU. For a stand-alone firmware example, please refer to firmware/lpc13xx/openpcd2. In src/main.c you can see the interface for talking to the PN532 chip and sending out data via the USB Serial CDC ACM protocol.
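As an added example, not code from the OpenPCD 2 firmware, here is the host side of that PN532 interface in C: a standard PN532 "normal information frame" is built for the GetFirmwareVersion command, and a reply from the chip is checked (preamble, LEN/LCS, direction byte, DCS, postamble) before its payload is used, so a truncated or corrupted frame on the serial link is rejected instead of acted on. The frame layout follows the public PN532 user manual; the function names and the sample reply bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* PN532 normal information frame: 00 00 FF LEN LCS TFI PD0..PDn DCS 00.
 * LEN counts TFI+PD bytes and LEN+LCS == 0 (mod 256); TFI is 0xD4 host->PN532
 * or 0xD5 PN532->host; TFI+PD0+..+PDn+DCS == 0 (mod 256). */
#define PN532_HOST_TO_PN 0xD4
#define PN532_PN_TO_HOST 0xD5

/* Build a host->PN532 command frame into out (nparams + 9 bytes needed).
 * Returns the frame length, or 0 if the payload does not fit one LEN byte. */
size_t pn532_build_frame(uint8_t cmd, const uint8_t *params, size_t nparams, uint8_t *out)
{
    size_t len = 2 + nparams, i, n = 0;          /* TFI + cmd + params */
    uint8_t sum = (uint8_t)(PN532_HOST_TO_PN + cmd);
    if (len > 0xFF) return 0;
    out[n++] = 0x00; out[n++] = 0x00; out[n++] = 0xFF;
    out[n++] = (uint8_t)len;
    out[n++] = (uint8_t)(0x100 - len);           /* LCS */
    out[n++] = PN532_HOST_TO_PN;
    out[n++] = cmd;
    for (i = 0; i < nparams; i++) { out[n++] = params[i]; sum += params[i]; }
    out[n++] = (uint8_t)(0x100 - sum);           /* DCS */
    out[n++] = 0x00;                             /* postamble */
    return n;
}

/* Validate a PN532->host frame and copy its payload (response code + data,
 * TFI stripped) into data. Returns the payload length, or -1 on any framing,
 * direction or checksum error; ACK (LEN 0) and error (LEN 1) frames are rejected. */
int pn532_parse_frame(const uint8_t *buf, size_t buflen, uint8_t *data, size_t datacap)
{
    size_t len, i;
    uint8_t sum = 0;
    if (buflen < 9 || buf[0] != 0x00 || buf[1] != 0x00 || buf[2] != 0xFF) return -1;
    len = buf[3];
    if ((uint8_t)(buf[3] + buf[4]) != 0) return -1;       /* LCS mismatch */
    if (len < 2 || buflen != len + 7) return -1;          /* length mismatch */
    if (buf[5] != PN532_PN_TO_HOST) return -1;            /* wrong direction */
    for (i = 0; i < len; i++) sum += buf[5 + i];
    if ((uint8_t)(sum + buf[5 + len]) != 0) return -1;    /* DCS mismatch */
    if (buf[6 + len] != 0x00 || len - 1 > datacap) return -1;
    memcpy(data, buf + 6, len - 1);
    return (int)(len - 1);
}

/* Constructed sample reply to GetFirmwareVersion: IC 0x32, firmware 1.6, support 0x07. */
const uint8_t pn532_sample_reply[13] = {0x00,0x00,0xFF,0x06,0xFA,0xD5,0x03,0x32,0x01,0x06,0x07,0xE8,0x00};
```

A GetFirmwareVersion request built this way is the well-known byte sequence 00 00 FF 02 FE D4 02 2A 00; flipping any byte of the sample reply makes the parser return -1.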